News - Security Ticks

Incognito dark web drug market operator gets 30 years in prison

cybercrime, dark web, Government, law enforcement, News, US DoJ, USA / SecurityTicks

Incognito dark web drug market operator gets 30 years in prison 2026-02-04 at 18:17 By Sinisa Markovic Rui-Siang Lin, a Taiwanese national, was sentenced to 30 years in U.S. federal prison for operating Incognito Market, one of the world’s largest illicit online narcotics marketplaces. Incognito Market splash page and graphical interface Incognito Market operated on […]

Incognito dark web drug market operator gets 30 years in prison Read More »

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Don't miss, Google, News, Tenable, vulnerability, vulnerability disclosure / SecurityTicks

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk 2026-02-04 at 13:25 By Help Net Security Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Read More »

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic

Anthropic, apple, News, OpenAI, programming, software development / SecurityTicks

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic 2026-02-04 at 11:56 By Sinisa Markovic Apple released Xcode 26.3 with new agentic coding capabilities designed to let AI systems carry out development tasks inside the IDE. The release supports agents such as Anthropic’s Claude Agent and OpenAI’s Codex. Coding agents can break down

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic Read More »

Global Threat Map: Open-source real-time situational awareness platform

Don't miss, GitHub, Hot stuff, News, open source, software, threats / SecurityTicks

Global Threat Map: Open-source real-time situational awareness platform 2026-02-04 at 08:32 By Mirko Zorz Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack

Global Threat Map: Open-source real-time situational awareness platform Read More »

How Secure by Design helps developers build secure software

Center for Internet Security, Don't miss, Hot stuff, News / SecurityTicks

How Secure by Design helps developers build secure software 2026-02-04 at 08:06 By Help Net Security Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean code. They’re being asked to build software that’s secure by design

How Secure by Design helps developers build secure software Read More »

Why incident response breaks down when it matters most

breach, cybersecurity, Don't miss, Incident Response, News, NR Labs, tips, Video / SecurityTicks

Why incident response breaks down when it matters most 2026-02-04 at 07:45 By Help Net Security In this Help Net Security video, Jon David, Managing Director, NR Labs, discusses why incident response often breaks down during a breach. Drawing on years of experience watching real attackers operate across many industries, he walks through what tends

Why incident response breaks down when it matters most Read More »

Auto finance fraud is costing dealers up to $20,000 per incident

automotive security, cybersecurity, Experian, fraud, identity, News, report / SecurityTicks

Auto finance fraud is costing dealers up to $20,000 per incident 2026-02-04 at 07:08 By Anamarija Pogorelec Auto retailers see fraud as a regular part of selling and financing vehicles, something that shows up often enough to plan around, according to Experian. Income and identity fraud lead the list Most fraud problems start with the

Auto finance fraud is costing dealers up to $20,000 per incident Read More »

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

APT, CERT-UA, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Microsoft, MS Office, News, vulnerability, Zscaler / SecurityTicks

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) 2026-02-03 at 17:21 By Zeljka Zorz Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) Read More »

Download: Tines Voice of Security 2026 report

News, Tines, Whitepapers and webinars / SecurityTicks

Download: Tines Voice of Security 2026 report 2026-02-03 at 16:01 By Help Net Security Security teams everywhere are adopting AI. Yet manual work persists, workloads are rising, and burnout continues to climb. To understand what’s really changing, Tines surveyed 1,800+ security leaders and practitioners worldwide. The findings show where AI is delivering value, how security

Download: Tines Voice of Security 2026 report Read More »

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

APT, Asia, China, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Kaspersky, News, Rapid7 / SecurityTicks

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets 2026-02-03 at 15:34 By Zeljka Zorz Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Read More »

Sandisk brings SPRandom to open source for large SSD testing

backup, enterprise, hardware, News, Sandisk, SSD, storage / SecurityTicks

Sandisk brings SPRandom to open source for large SSD testing 2026-02-03 at 15:15 By Anamarija Pogorelec Enterprise storage environments already run long qualification cycles as solid-state drive capacities rise and validation teams try to mirror production workloads. Preconditioning steps now consume days of lab time for a single device, especially in data centers supporting AI

Sandisk brings SPRandom to open source for large SSD testing Read More »

Firefox to let users manage and block AI features

Artificial Intelligence, browser, Firefox, News / SecurityTicks

Firefox to let users manage and block AI features 2026-02-03 at 15:15 By Sinisa Markovic Mozilla will add a set of controls in Firefox that let users manage and block GenAI features in the desktop browser. The controls will be included in Firefox version 148 on February 24, 2026. “We believe choice is more important

Firefox to let users manage and block AI features Read More »

OpenAI releases Codex macOS app for agent-based software development

Artificial Intelligence, code, macOS, News, OpenAI, software / SecurityTicks

OpenAI releases Codex macOS app for agent-based software development 2026-02-03 at 13:17 By Anamarija Pogorelec OpenAI has launched the new Codex app for macOS, a dedicated workspace for managing multiple AI coding agents in parallel. The app is designed to help developers reduce repetitive work and focus on higher-level engineering tasks. Codex can write features,

OpenAI releases Codex macOS app for agent-based software development Read More »

Why boards must prioritize non-human identity governance

boardroom, CISO, cyber risk, cybersecurity, Don't miss, GitGuardian, Hot stuff, identity management, News, Non Human Identities, opinion / SecurityTicks

Why boards must prioritize non-human identity governance 2026-02-03 at 08:36 By Help Net Security Boards of Directors (BoDs) do three things exceptionally well when cyber is framed correctly. They set risk appetite, they allocate capital, and they demand evidence that the business can withstand disruption without losing momentum. Why cyber keeps becoming a board topic

Why boards must prioritize non-human identity governance Read More »

Open-source attacks move through normal development workflows

attacks, Don't miss, News, open source, report, ReversingLabs, supply chain, supply chain attacks, vulnerability management / SecurityTicks

Open-source attacks move through normal development workflows 2026-02-03 at 08:18 By Anamarija Pogorelec Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A

Open-source attacks move through normal development workflows Read More »

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS

2FAS, authentication, cybersecurity, Don't miss, identity management, identity protection, iOS, News, open source, Product showcase, software / SecurityTicks

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS 2026-02-03 at 07:47 By Anamarija Pogorelec Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer of verification, usually a six-digit code generated by an app on your

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS Read More »

Cybersecurity jobs available right now: February 3, 2026

cybersecurity jobs, News / SecurityTicks

Cybersecurity jobs available right now: February 3, 2026 2026-02-03 at 07:11 By Anamarija Pogorelec Application Security Engineer Liebherr Group | Germany | Hybrid – View job details As an Application Security Engineer, you will As an Application Security Engineer, you will implement and automate application security testing, perform vulnerability assessments and penetration testing, and work

Cybersecurity jobs available right now: February 3, 2026 Read More »

ShinyHunters flip the script on MFA in new data theft attacks

data theft, Don't miss, extortion, Google Cloud, Hot stuff, Mandiant, News, Silent Push, social engineering, SSO, tips, vishing / SecurityTicks

ShinyHunters flip the script on MFA in new data theft attacks 2026-02-02 at 18:50 By Zeljka Zorz Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in

ShinyHunters flip the script on MFA in new data theft attacks Read More »

How state-sponsored attackers hijacked Notepad++ updates

Asia, Don't miss, financial industry, government-backed attacks, Hot stuff, News, supply chain compromise, telecommunications / SecurityTicks

How state-sponsored attackers hijacked Notepad++ updates 2026-02-02 at 15:38 By Zeljka Zorz Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December 2025, security researcher

How state-sponsored attackers hijacked Notepad++ updates Read More »

Microsoft sets a path to switch off NTLM across Windows

authentication, cybersecurity, Microsoft, News, Windows / SecurityTicks

Microsoft sets a path to switch off NTLM across Windows 2026-02-02 at 13:13 By Sinisa Markovic Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been part of Windows for decades and continues to appear in some environments, particularly where

Microsoft sets a path to switch off NTLM across Windows Read More »